Candidate DPG mapping (draft)
This was originally a slightly nicer Google Spreadsheet. It’s put here in case we want to keep working on it. Neither the mapping procedure nor the entries have been discussed or formalized in any way. It’s essentially just a collection of open source projects that deal with the consent question to a varying extend. None of them were found to be suitable candidates.
Project name | URL | Remarks | Cookie banner | Other uses possible | Regulatory references | Compatible with Consent BB | Likely infringements of GDPR? | Description |
Klaro | Does not support any broader definition of consent, just third-party usage of website tracking data. It likely suffers from the same issues that the Consent Framework has been found in violation of GDPR for. | TRUE | FALSE | FALSE | FALSE | TRUE | Klaro [klɛro] is a simple consent management platform (CMP) and privacy tool that helps you to be transparent about the third-party applications on your website. It is designed to be extremely simple, intuitive and easy to use while allowing you to be compliant with all relevant regulations (notably GDPR and ePrivacy). | |
Orejime | Fork of Klaro w/ accessibility regulations satisfied. | TRUE | FALSE | FALSE | FALSE | TRUE | Klaro [klɛro] is a simple consent management platform (CMP) and privacy tool that helps you to be transparent about the third-party applications on your website. It is designed to be extremely simple, intuitive and easy to use while allowing you to be compliant with all relevant regulations (notably GDPR and ePrivacy). | |
PDPA-Consent | Wordpress-plugin built for Thai regulations, ultimately just a website cookie banner | TRUE | FALSE | TRUE | FALSE | FALSE |
| |
kirby3-cookie-banner | Another nice example of someone tagging a cookie banner with no auditable trail as "consent management". | TRUE | FALSE | FALSE | FALSE | TRUE |
| |
wagtail-tag-manager | An interesting case, based on thorough work and analysis of ePrivacy. Consent is actually stored in a database, but everything is modeled for cookies: https://github.com/jberghoef/wagtail-tag-manager/blob/master/src/wagtail_tag_manager/models/others.py#L85 | TRUE | FALSE | TRUE | FALSE | FALSE | Wagtail Tag Manager (WTM for short) is a Wagtail addon that allows for easier and GDPR compliant administration of scripts and tags. | |
Open Pryv.io | Seems abandoned again in 2021, soon after launching. I can't find any schemas related to consent in the codebase. Hard to see how this monolithic platform can be trimmed to only deal with Consent. Has only 3 contributers, so not sure if really enterprise-grade as labeled. | FALSE | FALSE | FALSE | FALSE | FALSE | A free, full production, easy-to-install open-source solution for the collection and management of sensitive personal and health data. | |
AppNexus CMP | A reference implementation from 4 years ago. Terminology is unfamiliar, no clear data structure found. Deals apparently only with cookie consent and vendor+publisher systems. | FALSE | FALSE | FALSE | FALSE | FALSE |
| |
ConsentStack | Consent Management Platform | CMP | Development not seen in 4 years, consentstack.org offline | FALSE | FALSE | FALSE | FALSE | FALSE | Open source, developer focused & human centric consent management platform. | |
consent-manager | Nothing implemented for persistent consent records, just a JS frontend lib. Dark patterns included (implyConsentOnInteraction). Unclear ownership, website of segments.com is down. Project still sporadically active. Added because it labeled itself with "consent management", actually a lot of Open Source projects exist for purely client-side cookie-based consent without auditing possible. | TRUE | FALSE | FALSE | FALSE | TRUE | Drop-in consent management plugin for analytics.js | |
consent-receipt-dart | https://github.com/adaptant-labs/consent-receipt-dart?ref=https://githubhelp.com | Kantara reference implementation | TRUE | TRUE | TRUE | FALSE | FALSE | Dart library for working with Kantara Initiative Consent Receipts. |
ADA Project | https://github.com/decentralised-dataexchange/automated-data-agreements | NGI-Trust, part of DPG - where is the implementation of this spec? | FALSE | TRUE | TRUE | TRUE | FALSE | Currently code exist for decentralised SSI based systems, but easily extendable to a centralised microservices |
|
|
| FALSE | FALSE | FALSE | FALSE | FALSE |
|
|
|
| FALSE | FALSE | FALSE | FALSE | FALSE |
|
|
|
| FALSE | FALSE | FALSE | FALSE | FALSE |
|
|
|
| FALSE | FALSE | FALSE | FALSE | FALSE |
|
|
|
| FALSE | FALSE | FALSE | FALSE | FALSE |
|